From 7b2d246d506d63df8c37d8683058bec41c50c2f9 Mon Sep 17 00:00:00 2001
From: Janos Pasztor <janos@pasztor.at>
Date: Sat, 6 Mar 2021 10:12:26 +0100
Subject: [PATCH] 0.9.7: Bugfixing validation

This release fixes a validation bug introduced in the previous version where TLS parameters were validated even if the URL didn't point to a `https://` URL.
---
 CHANGELOG.md |  4 ++++
 client.go    | 18 ++++++++++--------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e02702b..3989e70 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.9.7: Bugfixing validation
+
+This release fixes a validation bug introduced in the previous version where TLS parameters were validated even if the URL didn't point to a `https://` URL.
+
 ## 0.9.6: Configurable TLS support, unified logging
 
 This release adds configurable TLS versions, ciphers, ECDH curves, as well as transitioning to the unified logging interface. 
diff --git a/client.go b/client.go
index 657d750..5b6ad11 100644
--- a/client.go
+++ b/client.go
@@ -346,14 +346,16 @@ func (c *ClientConfiguration) Validate() error {
 		return err
 	}
 
-	if err := c.TLSVersion.Validate(); err != nil {
-		return fmt.Errorf("invalid TLS version (%w)", err)
-	}
-	if err := c.ECDHCurves.Validate(); err != nil {
-		return fmt.Errorf("invalid curve algorithms (%w)", err)
-	}
-	if err := c.CipherSuites.Validate(); err != nil {
-		return fmt.Errorf("invalid cipher suites (%w)", err)
+	if strings.HasPrefix(c.URL, "https://") {
+		if err := c.TLSVersion.Validate(); err != nil {
+			return fmt.Errorf("invalid TLS version (%w)", err)
+		}
+		if err := c.ECDHCurves.Validate(); err != nil {
+			return fmt.Errorf("invalid curve algorithms (%w)", err)
+		}
+		if err := c.CipherSuites.Validate(); err != nil {
+			return fmt.Errorf("invalid cipher suites (%w)", err)
+		}
 	}
 
 	return c.validateClientCert()